3 Replies Latest reply on Jul 20, 2006 5:35 AM by Jiji Sasidharan

    Configuration to remove key

    Jiji Sasidharan Newbie

      I'm using Jboss 4.0.4 and the reponses from my web application deployed in Jboss has the following header

      HTTP/1.1 200 OK
      Server: Apache-Coyote/1.1
      Set-Cookie: JSESSIONID=A8E4FE8EEF15F400077A297E49F2C611; Path=/; Secure
      Content-Type: text/html;charset=ISO-8859-1
      Content-Length: 433
      Date: Tue, 11 Jul 2006 14:29:38 GMT
      Connection: keep-alive


      Im bothered about the key Server since it expose the actual server info to outside. Is there any way to remove this? Or any way to change the value of the key Server to some other value like "MyServer"


        • 1. Re: Configuration to remove key
          Andrew Rubinger Master

          I haven't seen the header "Server", but in the past I've changed the default "X-Powered-By" header by altering the value in the initialization parameter for the ReplyHeaderFilter in the global web.xml.

          Check the filter definitions declared in the Tomcat SAR in your deploy directory (usually $JBOSS_HOME/server/[instancename]/deploy/jbossweb-tomcat55.sar/conf/web.xml).

          Good luck.

          S,
          ALR

          • 2. Re: Configuration to remove key Server from HTTP header
            Jiji Sasidharan Newbie

            Ya.. I removed that from the header. I want to remove the Server also.

            I put a Valve in the request/reponse processing pipeline and tried to change value of the key Server. but wat i got is the key Server got added twice in the header.

            HTTP/1.1 200 OK
            Server: Apache-Coyote/1.1
            Set-Cookie: JSESSIONID=BAEB56FBC19BEE1B1C5FECBBBEBA5C80; Path=/; Secure
            
            Stored cookie 192.168.3.156 443 / nonpermanent 1 Thu Jan 1 05:29:59 1970
             JSESSIONID BAEB56FBC19BEE1B1C5FECBBBEBA5C80
            Server: My Server
            Content-Type: text/html
            Content-Length: 0
            Date: Thu, 20 Jul 2006 08:25:34 GMT
            Connection: keep-alive


            ...and my Source code is


            import javax.servlet.http.HttpServletResponse;
            import java.io.IOException;
            import javax.servlet.ServletException;
            import org.apache.catalina.connector.Request;
            import org.apache.catalina.connector.Response;
            import org.apache.commons.logging.Log;
            import org.apache.catalina.valves.ValveBase;
            
            public class KnHttpRequestFilterValve extends ValveBase {
            
             private static final String info = KnHttpRequestFilterValve.class.getName() + "/1.0";
            
             public String getInfo() {
             return info;
             }
            
             public void invoke(Request request, Response response)
             throws IOException, ServletException {
            
             Log log = container.getLogger();
             // process request
             log.debug("Processing Request...");
             processRequest(request, response);
            
             // call next valve
             getNext().invoke(request, response);
            
             // process response
             log.debug("Processing Responses...");
             processResponse(request, response);
             }
            
             private void processRequest(Request request, Response response)
             throws IOException, ServletException {
             }
            
             private void processResponse(Request request, Response response)
             throws IOException, ServletException {
            
             if (response instanceof HttpServletResponse) {
             ((HttpServletResponse)response).setHeader("Server", "My Server");
             }
             }
            }
            


            ... and the valve configuration is


            <Host name="localhost"
             autoDeploy="false" deployOnStartup="false" deployXML="false">
            
             <Valve className="com.kodiak.wgp.container.util.KnHttpRequestFilterValve" />
             .......
             .......


            I feel like the key Server is put in the last stage of response processing pipeline. Any idea to remove this ??

            Thanks,
            Jiji

            • 3. Re: Configuration to remove key
              Jiji Sasidharan Newbie

              I got the solution...

              We can change value of key Server by configuring it in the Connector configuration in "server.xml".

              ......
              ......
              <Connector server="My Server" port="8080" address="${jboss.bind.address}"
               maxThreads="5000" maxSpareThreads="40" minSpareThreads="20"
               strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true"
               enableLookups="true" acceptCount="40"
               connectionTimeout="60000" disableUploadTimeout="true"/>
              ......
              ......


              Now the response is

              HTTP/1.1 200 OK
              Set-Cookie: JSESSIONID=9C46D0475D0626A7CDC622410D5F3B4A; Path=/
              
              Stored cookie 192.168.1.58 8080 / nonpermanent 0 Thu Jan 1 05:29:59 1970
               JSESSIONID 9C46D0475D0626A7CDC622410D5F3B4A
              Content-Type: text/html;charset=ISO-8859-1
              Content-Length: 450
              Date: Thu, 20 Jul 2006 09:14:15 GMT
              Connection: keep-alive
              Server: My Server


              ~Jiji :)